Authentication
OAuth, data access, billing, privacy, and publishing safety for Pixloop MCP.
Security model
OAuth 2.0 authorization code with PKCE is supported for connector clients, including Codex via codex mcp login. Client credentials can be used for API-style testing with a Pixloop API key from Account Settings → API Keys.
Remote HTTPS MCP over Streamable HTTP. Authenticated tools are exposed through JSON-RPC methods such as initialize, tools/list, and tools/call.
Pixloop uses the permissions of the signed-in Pixloop account: brands, media, workflows, credits, and connected publishing accounts.
Publishing tools support dry-run flows and should publish live posts only after explicit approval in the current conversation.
Generation consumes Pixloop credits according to the selected model, action, output duration, resolution, and provider cost.
Uploaded assets, generated creative, connected account data, and privacy rights are governed by the Pixloop Privacy Policy and Terms.
Discovery
Connector clients discover authorization metadata through the MCP server origin before making authenticated tool calls.
GET /.well-known/oauth-protected-resource
GET /.well-known/oauth-authorization-server